fix(lock): Add missing lockfile update

configuration/services/battery-manager.nix

@@ -13,9 +13,4 @@
       log_level = "DEBUG";
     };
   };
-
-  sops.secrets = {
-    "battery-manager/email" = { };
-    "battery-manager/password" = { };
-  };
 }

configuration/services/conduit/default.nix

@@ -179,11 +179,4 @@ in
   systemd.services.coturn.serviceConfig.SupplementaryGroups = [
     config.security.acme.certs."tlater.net".group
   ];
-
-  sops.secrets = {
-    "turn/env" = { };
-    "turn/secret" = {
-      owner = "turnserver";
-    };
-  };
 }

configuration/services/conduit/heisenbridge.nix

@@ -75,10 +75,4 @@ in
         # AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
       };
     };
-
-  sops.secrets = {
-    # Accessed via systemd cred through /run/secrets/heisebridge
-    "heisenbridge/as-token" = { };
-    "heisenbridge/hs-token" = { };
-  };
 }

configuration/services/conduit/matrix-hookshot.nix

@@ -163,10 +163,4 @@ in
       metrics.enabled = true;
     };
   };
-
-  sops.secrets = {
-    # Accessed via systemd cred through /run/secrets/matrix-hookshot
-    "matrix-hookshot/as-token" = { };
-    "matrix-hookshot/hs-token" = { };
-  };
 }

configuration/services/metrics/grafana.nix

@@ -67,15 +67,4 @@ in
       };
     };
   };
-
-  sops.secrets = {
-    "grafana/adminPassword" = {
-      owner = "grafana";
-      group = "grafana";
-    };
-    "grafana/secretKey" = {
-      owner = "grafana";
-      group = "grafana";
-    };
-  };
 }

configuration/services/metrics/victoriametrics.nix

@@ -96,10 +96,4 @@ in
       victorialogs.targets = [ config.services.victorialogs.bindAddress ];
     };
   };
-
-  sops.secrets."forgejo/metrics-token" = {
-    owner = "forgejo";
-    group = "metrics";
-    mode = "0440";
-  };
 }

configuration/services/nextcloud.nix

@@ -100,9 +100,4 @@ in
 
   # Ensure that this service doesn't start before postgres is ready
   systemd.services.nextcloud-setup.after = [ "postgresql.service" ];
-
-  sops.secrets."nextcloud/tlater" = {
-    owner = "nextcloud";
-    group = "nextcloud";
-  };
 }

configuration/services/starbound.nix

@@ -114,7 +114,4 @@ in
     paths = [ "/var/lib/private/starbound/storage/universe/" ];
     pauseServices = [ "starbound.service" ];
   };
-
-  # Accessed via systemd cred through /run/secrets/steam
-  sops.secrets."steam/tlater" = { };
 }

configuration/services/wireguard.nix

@@ -62,10 +62,4 @@
       };
     };
   };
-
-  sops.secrets."wireguard/server-key" = {
-    owner = "root";
-    group = "systemd-network";
-    mode = "0440";
-  };
 }

configuration/sops.nix

@@ -3,6 +3,41 @@
     defaultSopsFile = ../keys/production.yaml;
 
     secrets = {
+      "battery-manager/email" = { };
+
+      "battery-manager/password" = { };
+
+      # Gitea
+      "forgejo/metrics-token" = {
+        owner = "forgejo";
+        group = "metrics";
+        mode = "0440";
+      };
+
+      # Grafana
+      "grafana/adminPassword" = {
+        owner = "grafana";
+        group = "grafana";
+      };
+      "grafana/secretKey" = {
+        owner = "grafana";
+        group = "grafana";
+      };
+
+      # Heisenbridge
+      "heisenbridge/as-token" = { };
+      "heisenbridge/hs-token" = { };
+
+      # Matrix-hookshot
+      "matrix-hookshot/as-token" = { };
+      "matrix-hookshot/hs-token" = { };
+
+      # Nextcloud
+      "nextcloud/tlater" = {
+        owner = "nextcloud";
+        group = "nextcloud";
+      };
+
       # Restic
       "restic/local-backups" = {
         owner = "root";
@@ -10,13 +45,27 @@
         mode = "0440";
       };
 
+      # Steam
+      "steam/tlater" = { };
+
       # Turn
+      "turn/env" = { };
+      "turn/secret" = {
+        owner = "turnserver";
+      };
       "turn/ssl-key" = {
         owner = "turnserver";
       };
       "turn/ssl-cert" = {
         owner = "turnserver";
       };
+
+      # Wireguard
+      "wireguard/server-key" = {
+        owner = "root";
+        group = "systemd-network";
+        mode = "0440";
+      };
     };
   };
 }